High severity 8.8 · NVD Advisory · Published Nov 17, 2021 · Updated Jun 17, 2026
CVE-2021-24804
Description
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as the HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover.
Affected products
- WordPress/Simple JWT Login
- Range: <3.2.1
References
- wpscan.com/vulnerability/6f015e8e-462b-4ef7-a9a1-bb91e7d28e37 (nvd: Exploit, Third Party Advisory)